Breadcrumbs

Facebook Violates Its Users' Privacy Yet Again

December 19, 2018

Original photo by Anthony Quintano via Wikimedia Commons

Another Facebook scandal?!?

That’s right. The social-media giant has found its way into the spotlight once again: A New York Times investigation published Tuesday reveals that the company has given Amazon, Microsoft, Netflix, Yahoo and others unprecedented access to user data in what appears to be a violation of a consent decree Facebook reached with the Federal Trade Commission over previous privacy violations.

It’s past time for the government to hold Facebook accountable to its users and to the public. The FTC needs to enforce its agreements and stop sitting on its hands. The very consent decree the agency reached with Facebook contemplates fines of thousands of dollars per violation. This means that Facebook, one of the highest-valued companies on Earth, could be liable for billions of dollars in damages for violating that agreement.

Facebook has long claimed that the company doesn’t sell user data, but the Times investigation reveals it’s instead doing the next best (worst?) thing: entering into partnerships with more than 150 companies and giving them unprecedented access to our personal information and data.

All of this, of course, is happening without our permission.

The latest revelations

The New York Times story uncovers precisely how much data Facebook’s “partners” have had access to for the last eight years — including private messages, email addresses and phone numbers. Facebook never told users their information was being shared in this way.

Facebook allowed some of the largest tech companies to access Facebook users’ private messages across the network. The company also allowed extraordinary access to personal information even if users had disabled all sharing.

This is merely the latest in a long line of revelations that point to a straightforward conclusion: Facebook is failing its users on multiple fronts.

In response to criticism about how it violated its users’ privacy and failed to stop foreign-election interference on the platform, Facebook paid a conservative PR firm to tie advocacy groups to philanthropist George Soros, tapping into hateful anti-Semitic tropes and tactics. Specifically, Facebook went after company critics including racial-justice nonprofit Color Of Change and groups that launched the Freedom from Facebook campaign. Facebook also worked feverishly to undermine the Russia investigation.

Again and again, revelation after revelation shows that Facebook fails to protect its users’ information. Instead of respecting its users’ wishes and controls on privacy, it’s repeatedly granted large companies access to private data.

Facebook's 2011 consent decree

Facebook has been criticized for privacy violations practically since its inception.

In 2009, after settling a class-action lawsuit for sharing information without its users’ permission, it changed its privacy policies again, promising that it would allow information to be shared only to groups that users selected. But then, as now, it allowed companies access to user information far beyond the bargain that people made through their privacy settings.

Because of these practices, the FTC charged Facebook for its deceptive practices in a lawsuit. To settle those charges, the company entered into an agreement with the FTC, known as a consent decree, for failing to keep its promises to its users.

In the decree, the FTC “barred [Facebook] from making misrepresentations” about its users’ privacy and required the company to get explicit consent from its users if and when it made any changes that overrode their privacy preferences.

The FTC’s approach so far has been timid. Given that the agency’s new director of consumer protection has conflicts of interest with over 120 companies, including Facebook, maybe that shouldn’t be a surprise.

In March, the FTC confirmed that it had reopened its investigation into Facebook’s practices. But a looming investigation and the mere threat on paper of serious fines has done nothing to change the company’s behavior. To end business as usual — and stop the exploitation of our personal data — we need real action from the FTC and increased pressure from Congress.

We’ve had enough. The public must demand more of our enforcement agencies, and we must demand more of companies that gather detailed information about our lives. The FTC should aggressively seek punitive damages against Facebook and put a stop to its deceptive behavior.

And if he can’t make real changes, CEO Mark Zuckerberg should step down and the Facebook board should find someone who will do the right thing.